2 matches found
Security update for rmt-server
This update for rmt-server fixes the following issues: Update to version 2.23 CVE-2025-46727: Fixed Unbounded-Parameter DoS in Rack:QueryParser. bsc1242893 CVE-2025-32441: Fixed a bug where simultaneous rack requests can restore a deleted rack session. bsc1242898 Patch Instructions: To install th...
Rack session gets restored after deletion
Summary When using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Details Rack session middleware prepares the session at the beginning of request, then saves is back to the store wit...